Make it a fatal SSL error when encountering certs signed with md[2,4], and interstitial md5

net/base/x509_certificate.cc

Index: net/base/x509_certificate.cc
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc
index 915838897e80ac7c5517c19357aa59f706969dbd..1deb56e652a94b5600f2e0a4eef23837e52b0cc4 100644
--- a/net/base/x509_certificate.cc
+++ b/net/base/x509_certificate.cc
@@ -603,6 +603,12 @@ int X509Certificate::Verify(const std::string& hostname, int flags,
     rv = MapCertStatusToNetError(verify_result->cert_status);
   }
 
+  if (verify_result->has_md2 || verify_result->has_md4 ||
+      verify_result->has_md5) {

[palmer, 2011/10/24 18:22:31]

wtc does not want to ban MD5 yet. To ban MD5, and we ultimately must, we will
want to collaborate with other browser vendors and CA/B Forum. For now, let's
only ban MD2 and MD5.

NOTE that we MUST NOT ban the 4 known Verisign MD2-signed root certs. (I don't
know if this code applies to roots, or just end entities and intermediaries?)

We could conceivably ban MD2 (and MD4) also for roots but special-case the 4
known MD2 root certs. That would be the tightest solution, if feasible.

[wtc, 2011/10/24 22:41:14]

The signatures in the self-signed certificates of root CAs
used as trust anchors are not important.

rsleevi: please make sure verify_result->has_md[2,4,5]
do not include the root CA certificates.  We should document
their meanings in net/base/cert_verify_result.h.  Thanks!

[Ryan Sleevi, 2011/10/24 23:16:32]

The logic currently includes roots (both has_mdX and has_mdX_ca have made no
remark towards roots]. I will adjust that accordingly.

+    verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
+    rv = MapCertStatusToNetError(verify_result->cert_status);
+  }
+
   return rv;
 }